CVE-2021-3642 org.wildfly.security:wildfly-elytron

Package

Manager: maven
Name: org.wildfly.security:wildfly-elytron
Vulnerable Version: >=0 <1.10.14 || >=1.11.0 <1.15.5 || =1.16.0 || >=1.16.0 <1.16.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00267 (percentile: 0.49925)

Details

Observable Discrepancy in Wildfly Elytron

A flaw was found in Wildfly Elytron where ScramServer may be susceptible to a timing attack if enabled. The highest threat from this vulnerability is to confidentiality. This flaw affects Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final.

Metadata

Created: 2022-05-24T19:10:03Z
Modified: 2022-06-22T17:49:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5499-qjvh-6j7w/GHSA-5499-qjvh-6j7w.json
CWE IDs: ["CWE-203"]
Alternative ID: GHSA-5499-qjvh-6j7w
Finding: F026
Auto approve: 1